Report - reurl.cc/o5qVbD

Report Overview

Submitted URL
reurl.cc/o5qVbD
IP
35.185.130.121
ASN
#396982 GOOGLE-CLOUD-PLATFORM
Submitted
2024-04-18 06:53:14
Access
public
Website Title
404 - Page Not Found
Final URL
webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
2

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
neon.ly	unknown	2018-12-21	2019-04-05	2024-02-17	497 B	1.8 kB	18.192.223.43
storage.reurl.cc	unknown	2017-07-20	2022-05-07	2024-03-05	1.6 kB	4.0 kB	34.149.98.30
ecs.tagtoo.co	258231	2010-12-03	2020-06-05	2024-04-09	788 B	24 kB	34.102.218.41
uec.tagtoo.co	unknown	2010-12-03	2021-04-14	2024-03-10	388 B	4.5 kB	34.107.150.21
event.tagtoo.co	555291	2010-12-03	2022-06-27	2024-03-25	1.1 kB	727 B	34.96.83.10
ttd-cm.tagtoo.com.tw	541218	2013-01-11	2021-07-22	2024-02-27	519 B	290 B	34.160.218.201
webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site	unknown	unknown	No data	No data	2.3 kB	4.4 kB	74.115.51.4
reurl.cc	115186	2017-07-20	2017-10-13	2024-04-02	471 B	1.4 kB	35.185.130.121

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

Scan Date	Severity	Indicator	Alert
2023-11-06	medium	reurl.cc/o5qVbD	Other

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (0)

HTTP Transactions (14)

URL IP Response Size

storage.reurl.cc/javascripts/ga2.js

34.149.98.30

536 B

URL
storage.reurl.cc/javascripts/ga2.js
IP
34.149.98.30:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JavaScript source, ASCII text, with very long lines (536), with no line terminators
Size
536 B (536 bytes)
Hash
b62a9953b965481dc112622ba8aff6c4
8053e2d92e7c4f9a4b1d5c516b65e87acbde06e4
16cf673198b29bb08e83f5d8f74182d97d9c6dfa729c60f90f6195e739de9d20

HTTP Headers

GET /javascripts/ga2.js HTTP/1.1
Host: storage.reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/o5qVbD
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
content-length: 536
referrer-policy: no-referrer-when-downgrade
x-request-id: 7a7f7c6f-b696-41f3-a250-73ac8be780f9
via: 1.1 google
date: Thu, 18 Apr 2024 02:02:58 GMT
age: 17392
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/javascript; charset=utf-8
vary: Origin
cache-control: public,max-age=28800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

storage.reurl.cc/javascripts/redirect.js

34.149.98.30

112 B

URL
storage.reurl.cc/javascripts/redirect.js
IP
34.149.98.30:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
ASCII text, with no line terminators
Size
112 B (112 bytes)
Hash
b8d1b83cdeb3fc39033d345ee45fdea0
4bb7e64cd67345e8e60613c2f6c45c096706854f
0a01cd2c51200f878b658e08c0f37b095cb3ed34e61133f377632b29df9abdaa

HTTP Headers

GET /javascripts/redirect.js HTTP/1.1
Host: storage.reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/o5qVbD
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
content-length: 112
referrer-policy: no-referrer-when-downgrade
x-request-id: b71af5a5-8bd7-4059-888d-1f40b90af583
via: 1.1 google
date: Thu, 18 Apr 2024 02:48:44 GMT
age: 14646
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/javascript; charset=utf-8
vary: Origin
cache-control: public,max-age=28800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

storage.reurl.cc/javascripts/pixel.js

34.149.98.30

429 B

URL
storage.reurl.cc/javascripts/pixel.js
IP
34.149.98.30:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
ASCII text, with very long lines (429), with no line terminators
Size
429 B (429 bytes)
Hash
8db606ffbc89a5a15fab90b7aeb7a2e7
1ccf32ca6dbb1fdbc1b049246c08e9e5ddb8bf6f
3050a5556edc5876cd83e63f15e56fe19cb428129345a58d1f57687414504698

HTTP Headers

GET /javascripts/pixel.js HTTP/1.1
Host: storage.reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/o5qVbD
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
content-length: 429
referrer-policy: no-referrer-when-downgrade
x-request-id: 18d2e90a-4884-4d63-9c4c-64764a461adf
via: 1.1 google
date: Thu, 18 Apr 2024 00:22:09 GMT
age: 23441
last-modified: Thu, 29 Sep 2022 09:52:31 GMT
content-type: text/javascript; charset=utf-8
vary: Origin
cache-control: public,max-age=28800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

storage.reurl.cc/javascripts/tagtoo.js?v=3

34.149.98.30

615 B

URL
storage.reurl.cc/javascripts/tagtoo.js?v=3
IP
34.149.98.30:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
ASCII text, with very long lines (615), with no line terminators
Size
615 B (615 bytes)
Hash
b642f7ae9504efdd83375eee3a6c20cf
91b6d27ec4b2a07bfaab3df21167afe7b2254fe0
a1c2d36d3bc7059c195714b9b3c4fa4361cf97d7b015a06d6cf572798df786b8

HTTP Headers

GET /javascripts/tagtoo.js?v=3 HTTP/1.1
Host: storage.reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/o5qVbD
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
accept-ranges: bytes
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
content-length: 615
referrer-policy: no-referrer-when-downgrade
x-request-id: 66786ead-da08-4aea-8c1d-6d35cb04e085
via: 1.1 google
date: Thu, 18 Apr 2024 02:32:44 GMT
age: 15606
last-modified: Tue, 19 Dec 2023 13:17:58 GMT
content-type: text/javascript; charset=utf-8
vary: Origin
cache-control: public,max-age=28800
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ecs.tagtoo.co/js/unitrack.js

34.102.218.41

8.7 kB

URL
ecs.tagtoo.co/js/unitrack.js
IP
34.102.218.41:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JavaScript source, ASCII text, with very long lines (26114)
Size
8.7 kB (8725 bytes)
Hash
3598ca086dcade7dba871cdab47e3918
712fb1751cbd5c2ba2d549ef1a5b642387998b17
2eab2b7adfd71b5cf3fe3747f993d26520691d544bb7fc4338dc049b4f0d1c2c

HTTP Headers

GET /js/unitrack.js HTTP/1.1
Host: ecs.tagtoo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-guploader-uploadid: ABPtcPpNhjMdtOLWRlDCxvr2WyOTlojhMd09dYdzhLpLbN1lPCKTHgq5RiiK54TtNeojB6fGJ5COiXg7BQ
x-goog-generation: 1684309132134575
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 8725
content-encoding: gzip
x-goog-hash: crc32c=Uh9iNA==, md5=zNUT7b4+tmwX1zyU1kYlJg==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 8725
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Access-Control-Allow-Origin
server: UploadServer
date: Thu, 18 Apr 2024 06:44:45 GMT
expires: Thu, 18 Apr 2024 08:14:45 GMT
cache-control: public,max-age=5400
age: 485
last-modified: Wed, 17 May 2023 07:38:52 GMT
etag: "ccd513edbe3eb66c17d73c94d6462526"
content-type: application/javascript; charset=utf-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

uec.tagtoo.co/tuec.js

34.107.150.21

3.8 kB

URL
uec.tagtoo.co/tuec.js
IP
34.107.150.21:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JavaScript source, ASCII text, with very long lines (9690)
Size
3.8 kB (3770 bytes)
Hash
9d94b7776bb6b8fcc6f9fd70c18341cf
2572e9682e3175c4ab6f5fc95a00ec01607b4cca
698fe0a6500f771d98d1ca713a5445d523fac649207572b69123699702854c0b

HTTP Headers

GET /tuec.js HTTP/1.1
Host: uec.tagtoo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-guploader-uploadid: ABPtcPrgHwpER9LJOwucmH5InGM-LhtzS-eo12EEe7aXh92kYyggcNxp3duIeH-vh4w4aCMkinQhM_FjYQ
x-goog-generation: 1702372126688115
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 3770
content-encoding: gzip
x-goog-hash: crc32c=IxwxIw==, md5=L6Ez21DNgdh7j/uHKaarNQ==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 3770
server: UploadServer
date: Thu, 18 Apr 2024 06:36:35 GMT
age: 975
last-modified: Tue, 12 Dec 2023 09:08:46 GMT
etag: "2fa133db50cd81d87b8ffb8729a6ab35"
content-type: application/javascript
vary: Accept-Encoding
cache-control: public,max-age=3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ecs.tagtoo.co/js/fp.min.js

34.102.218.41

13 kB

URL
ecs.tagtoo.co/js/fp.min.js
IP
34.102.218.41:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JavaScript source, Unicode text, UTF-8 text, with very long lines (31370)
Size
13 kB (12950 bytes)
Hash
cc9c5b0862e4e039957bbc0f6c08a3c9
e9edca8399e0b760271972bb37bf573fb224bbdd
561df1b2a900c7564a7c7ce397c38d145d1fd19e9dace210902125bd5b5a8df4

HTTP Headers

GET /js/fp.min.js HTTP/1.1
Host: ecs.tagtoo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: script
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
x-guploader-uploadid: ABPtcPr4yaZqW4SQPC97LPk0RxFYyGUQuGzU8guSocJ9OaCKQcYfYdGEMP2lqtrqw4OD9N8YIyXfSZg5ww
x-goog-generation: 1631784347603860
x-goog-metageneration: 1
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 12950
content-encoding: gzip
x-goog-hash: crc32c=paC+Ww==, md5=XZFZBzxE5IWLB9REWhrc6w==
x-goog-storage-class: STANDARD
accept-ranges: bytes
content-length: 12950
access-control-allow-origin: *
access-control-expose-headers: Content-Type, Access-Control-Allow-Origin
server: UploadServer
date: Thu, 18 Apr 2024 06:50:11 GMT
expires: Thu, 18 Apr 2024 06:55:11 GMT
cache-control: public, max-age=300
age: 159
last-modified: Thu, 16 Sep 2021 09:25:47 GMT
etag: "5d9159073c44e4858b07d4445a1adceb"
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

event.tagtoo.co/permanent?fp=5db3a4e34790624df926db520a13f79f

34.96.83.10

2 B

URL
event.tagtoo.co/permanent?fp=5db3a4e34790624df926db520a13f79f
IP
34.96.83.10:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
ASCII text, with no line terminators
Size
2 B (2 bytes)
Hash
e0aa021e21dddbd6d8cecec71e9cf564
9ce3bd4224c8c1780db56b4125ecf3f24bf748b7
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

HTTP Headers

OPTIONS /permanent?fp=5db3a4e34790624df926db520a13f79f HTTP/1.1
Host: event.tagtoo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-token
Referer: https://reurl.cc/
Origin: https://reurl.cc
DNT: 1
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:52:50 GMT
server: uvicorn
access-control-allow-origin: *
access-control-allow-methods: GET, POST, OPTIONS
access-control-max-age: 600
access-control-allow-headers: Accept, Accept-Language, Content-Language, Content-Type, X-TOKEN
content-length: 2
content-type: text/plain; charset=utf-8
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

event.tagtoo.co/permanent?fp=5db3a4e34790624df926db520a13f79f

34.96.83.10

48 B

URL
event.tagtoo.co/permanent?fp=5db3a4e34790624df926db520a13f79f
IP
34.96.83.10:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JSON text data
Size
48 B (48 bytes)
Hash
f93939fa179b3e825a05315bd6bd05b5
c4fd2f76ddd56c53e685606cfc81c151e2a77fe4
64053fa3efac1c12a839796ecd316ffd4d823d9bb18640aabb5f4383a1eb4dd2

HTTP Headers

GET /permanent?fp=5db3a4e34790624df926db520a13f79f HTTP/1.1
Host: event.tagtoo.co
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-TOKEN: 4947f23b246ec00bfe183b09cb702d9e3593dddb6fcd42c2718236a4919a
Origin: https://reurl.cc
DNT: 1
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:52:50 GMT
server: uvicorn
content-length: 48
content-type: application/json
access-control-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

ttd-cm.tagtoo.com.tw/prn/uidm/?tuid=b7a8e221ba20b17ee16722d8ec5e4c50&pid=1009&puid=test_user_id&link=https%3A%2F%2Fneon.ly%2FvkaWa

34.160.218.201

21 B

URL
ttd-cm.tagtoo.com.tw/prn/uidm/?tuid=b7a8e221ba20b17ee16722d8ec5e4c50&pid=1009&puid=test_user_id&link=https%3A%2F%2Fneon.ly%2FvkaWa
IP
34.160.218.201:0
ASN
#396982 GOOGLE-CLOUD-PLATFORM

File type
JSON text data
Size
21 B (21 bytes)
Hash
5ef316db61af8b9f385a47160ff7a943
af0b1f921d3b8da2f5975844ecaf43eedf0cda68
de8a41e157ef0da2ade162ac2dc3a95e99ae93f24be2e671deef7a0df9677c12

HTTP Headers

GET /prn/uidm/?tuid=b7a8e221ba20b17ee16722d8ec5e4c50&pid=1009&puid=test_user_id&link=https%3A%2F%2Fneon.ly%2FvkaWa HTTP/1.1
Host: ttd-cm.tagtoo.com.tw
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Origin: https://reurl.cc
DNT: 1
Connection: keep-alive
Referer: https://reurl.cc/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: gunicorn/19.9.0
date: Thu, 18 Apr 2024 06:52:51 GMT
content-type: application/json
content-length: 21
vary: Origin
access-control-allow-origin: *
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
X-Firefox-Spdy: h2

webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site/favicon.ico

74.115.51.4

200 OK

1 B

URL GET HTTP/2
webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site/favicon.ico
IP
74.115.51.4:443
ASN
#27647 WEEBLY

Requested by
https://webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site/
Certificate
IssuerLet's Encrypt
Subjectsquare.site
Fingerprint52:97:AC:6B:DF:39:22:E7:27:37:98:58:0F:73:67:A2:E1:35:05:34
ValidityMon, 01 Apr 2024 00:25:07 GMT - Sun, 30 Jun 2024 00:25:06 GMT

File type
very short file (no magic)
Size
1 B (1 bytes)
Hash
93b885adfe0da089cdf634904fd59f71
5ba93c9db0cff93f52b521d7420e43f6eda2784f
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

HTTP Headers

GET /favicon.ico HTTP/1.1
Host: webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: image/avif,image/webp,*/*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site/
Cookie: publishedsite-xsrf=eyJpdiI6IjRWaTVVM3ZtVVRtV3QvclRweDRCb3c9PSIsInZhbHVlIjoiN1RWT2pJNGFPNUtra0FXbDB0eXhoaG83MlZxOWJKSzQrM0MzcHZJQTRkQTB1bnB6cVRzcVhIME1qZGlGb1ZtWWFXMkdiOVNFelZVSGRpRGN1K05Db2NVY1BRQTBucU1ScDFrdm5ZRk10WWh5QmxVcXNLV2FVcjNXS2xFUHc1QzgiLCJtYWMiOiIwNzE1MzkzMzcwYjc4NzA0YjNhN2RjODhkNWMzNWRiNmRjZDhkMjA1MGQ5ODE2YTNjOWRiMmE0NTgxYjYzMzc5IiwidGFnIjoiIn0%3D; XSRF-TOKEN=eyJpdiI6IlRJVGVKVWlqSjJyQjZqb29vS0VxOFE9PSIsInZhbHVlIjoidWdQbkE0S3ZBMVpMTVdiZThZVEtiNUx4eG03b0g1TVlxaWl5cnhFVEFpZUVwZGJPUUxhOW1YUmlDQlNVV3o3MldOckx2VXNRUkNsdHB5WENjWktkRUFnMmh5Y1BUZnRncHR6N1FiSnZuUFlEMm1JTk5JemVxcTlRa1I3aWVCSGciLCJtYWMiOiJiZGJlMmI1YjE4YmNiZmU4N2JlMWE4ZTJlZjIwMDkwYmI1ZDRmNDhmMzc2MGYwYzc3Mjk4NTY5YzVkYzQ0MDFhIiwidGFnIjoiIn0%3D; PublishedSiteSession=eyJpdiI6IjdRSXdnNmdGVlZUVENQQWl2V1h4U1E9PSIsInZhbHVlIjoickV6U3RTRk05b1BkeGpPcEkyblMwZHRQbnVTVk5xZjNQRnovcGpjMTgyOEh5TFF0YTFWdXJvbnlnZkZOdFRyR1dyVnR2U004RU02Y0VzVHl0a2FPVVpFTHlubm1INWV5NlFhV1Q2Z21xck1ncUxzZVk2TWthSmhsN0VVSHN6Wm4iLCJtYWMiOiIxNGYzMmM5YzBmZmE5ZjExYjM5ZGJhMmFkMzA5YjJmMTQzMGE2ZjI3MTU1Yzk3ZjY0OWU2NDhlYjcxMDk3YTJlIiwidGFnIjoiIn0%3D; __cf_bm=_qO9n.5_HHhxq2MUdxQ8U9koxmW_EOGAnzS88hIu.18-1713423172-1.0.1.1-yUb6l9QdsedSRrtGifNBN19zJRPGDCdn5biuDetLqGetvyeBUA7cIvEoe.m6zcuvvx4UPozXa_vWpLKC1yvpEQ
Sec-Fetch-Dest: image
Sec-Fetch-Mode: no-cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache
TE: trailers

HTTP/2 200 OK
date: Thu, 18 Apr 2024 06:52:53 GMT
content-type: application/octet-stream
content-length: 1
cf-ray: 8762bc0bbfcbb524-OSL
cf-cache-status: DYNAMIC
accept-ranges: bytes
cache-control: max-age=315360000
etag: "93b885adfe0da089cdf634904fd59f71"
expires: Thu, 31 Dec 2037 23:55:55 GMT
last-modified: Tue, 14 Apr 2020 20:17:36 GMT
x-amz-meta-s3cmd-attrs: atime:1586895392/ctime:1586718963/gid:0/gname:root/md5:93b885adfe0da089cdf634904fd59f71/mode:33188/mtime:1586718963/uid:0/uname:root
x-amz-request-id: tx000009e1e0f77169d0cc6-0065fddbb5-ef1e76d-sfo1
x-host: blu61.sf2p.intern.weebly.net
x-request-id: 39501bbdba9323e89608834df5acdeee
x-revision: d6735131d6bb7390430da2367e66f4ee25f0062c
x-rgw-object-type: Normal
vary: Accept-Encoding
server: cloudflare
X-Firefox-Spdy: h2

reurl.cc/o5qVbD

35.185.130.121

200 OK

959 B

URL User Request GET HTTP/2
reurl.cc/o5qVbD
IP
35.185.130.121:443
ASN
#396982 GOOGLE-CLOUD-PLATFORM

Certificate
IssuerLet's Encrypt
Subjectreurl.cc
Fingerprint7E:A8:AA:A6:64:E0:31:0D:FB:B3:C3:64:65:42:35:A2:A1:77:16:B9
ValidityMon, 18 Mar 2024 02:31:50 GMT - Sun, 16 Jun 2024 02:31:49 GMT

File type
HTML document, ASCII text, with very long lines (997), with no line terminators
Size
959 B (959 bytes)
Hash
a314a7a6ecbb3e6adba94bd3c2632396
26602750114afc079593308f84f030f61eae93be
c5be29d303be190156b46ec375a8193a2894de5798c014fed181d7948b5964c3

Detections

Analyzer	Verdict	Alert
PhishTank	phishing	Other

HTTP Headers

GET /o5qVbD HTTP/1.1
Host: reurl.cc
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 200 OK
server: nginx/1.18.0 (Ubuntu)
date: Thu, 18 Apr 2024 06:52:50 GMT
content-type: text/html; charset=utf-8
access-control-allow-credentials: true
access-control-allow-origin: *
access-control-expose-headers: *, Authorization, X-Authorization
referrer-policy: no-referrer-when-downgrade
target: https://neon.ly/vkaWa
vary: Accept-Encoding, Origin
x-request-id: f335de68-cb98-4eb8-a40e-81c95e738f67
content-encoding: gzip
X-Firefox-Spdy: h2

webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site/

74.115.51.4

404 Not Found

1.6 kB

URL User Request GET HTTP/2
webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site/
IP
74.115.51.4:443
ASN
#27647 WEEBLY

Certificate
IssuerLet's Encrypt
Subjectsquare.site
Fingerprint52:97:AC:6B:DF:39:22:E7:27:37:98:58:0F:73:67:A2:E1:35:05:34
ValidityMon, 01 Apr 2024 00:25:07 GMT - Sun, 30 Jun 2024 00:25:06 GMT

File type
HTML document, ASCII text, with very long lines (1648), with no line terminators
Size
1.6 kB (1568 bytes)
Hash
2566bac27428e166f0eebcc38ce44b2a
f280dabc37d9bf8f5962f9daae1681bce222c2d4
5c5090dbd69302b64c3880c4698884746d3f2d20558457fb393b01f914eff24d

HTTP Headers

GET / HTTP/1.1
Host: webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Referer: https://reurl.cc/
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 404 Not Found
date: Thu, 18 Apr 2024 06:52:52 GMT
content-type: text/html; charset=UTF-8
cf-ray: 8762bc051e41b524-OSL
cf-cache-status: DYNAMIC
cache-control: no-cache, private
vary: Accept-Encoding
x-host: blu70.sf2p.intern.weebly.net
x-request-id: 0a120f6eef5451189f1070b37489f7e6
x-revision: d6735131d6bb7390430da2367e66f4ee25f0062c
set-cookie: publishedsite-xsrf=eyJpdiI6IjRWaTVVM3ZtVVRtV3QvclRweDRCb3c9PSIsInZhbHVlIjoiN1RWT2pJNGFPNUtra0FXbDB0eXhoaG83MlZxOWJKSzQrM0MzcHZJQTRkQTB1bnB6cVRzcVhIME1qZGlGb1ZtWWFXMkdiOVNFelZVSGRpRGN1K05Db2NVY1BRQTBucU1ScDFrdm5ZRk10WWh5QmxVcXNLV2FVcjNXS2xFUHc1QzgiLCJtYWMiOiIwNzE1MzkzMzcwYjc4NzA0YjNhN2RjODhkNWMzNWRiNmRjZDhkMjA1MGQ5ODE2YTNjOWRiMmE0NTgxYjYzMzc5IiwidGFnIjoiIn0%3D; expires=Thu, 02-May-2024 06:52:52 GMT; Max-Age=1209600; path=/; samesite=lax
XSRF-TOKEN=eyJpdiI6IlRJVGVKVWlqSjJyQjZqb29vS0VxOFE9PSIsInZhbHVlIjoidWdQbkE0S3ZBMVpMTVdiZThZVEtiNUx4eG03b0g1TVlxaWl5cnhFVEFpZUVwZGJPUUxhOW1YUmlDQlNVV3o3MldOckx2VXNRUkNsdHB5WENjWktkRUFnMmh5Y1BUZnRncHR6N1FiSnZuUFlEMm1JTk5JemVxcTlRa1I3aWVCSGciLCJtYWMiOiJiZGJlMmI1YjE4YmNiZmU4N2JlMWE4ZTJlZjIwMDkwYmI1ZDRmNDhmMzc2MGYwYzc3Mjk4NTY5YzVkYzQ0MDFhIiwidGFnIjoiIn0%3D; expires=Thu, 02-May-2024 06:52:52 GMT; Max-Age=1209600; path=/; samesite=lax
PublishedSiteSession=eyJpdiI6IjdRSXdnNmdGVlZUVENQQWl2V1h4U1E9PSIsInZhbHVlIjoickV6U3RTRk05b1BkeGpPcEkyblMwZHRQbnVTVk5xZjNQRnovcGpjMTgyOEh5TFF0YTFWdXJvbnlnZkZOdFRyR1dyVnR2U004RU02Y0VzVHl0a2FPVVpFTHlubm1INWV5NlFhV1Q2Z21xck1ncUxzZVk2TWthSmhsN0VVSHN6Wm4iLCJtYWMiOiIxNGYzMmM5YzBmZmE5ZjExYjM5ZGJhMmFkMzA5YjJmMTQzMGE2ZjI3MTU1Yzk3ZjY0OWU2NDhlYjcxMDk3YTJlIiwidGFnIjoiIn0%3D; expires=Thu, 02-May-2024 06:52:52 GMT; Max-Age=1209600; path=/; httponly; samesite=lax
__cf_bm=_qO9n.5_HHhxq2MUdxQ8U9koxmW_EOGAnzS88hIu.18-1713423172-1.0.1.1-yUb6l9QdsedSRrtGifNBN19zJRPGDCdn5biuDetLqGetvyeBUA7cIvEoe.m6zcuvvx4UPozXa_vWpLKC1yvpEQ; path=/; expires=Thu, 18-Apr-24 07:22:52 GMT; domain=.square.site; HttpOnly; Secure; SameSite=None
server: cloudflare
content-encoding: gzip
X-Firefox-Spdy: h2

neon.ly/vkaWa

18.192.223.43

301 Moved Permanently

1.6 kB

URL User Request GET HTTP/2
neon.ly/vkaWa
IP
18.192.223.43:443
ASN
#16509 AMAZON-02

Certificate
IssuerAmazon
Subjectneon.ly
FingerprintF5:1E:C7:8C:18:19:EC:AE:5E:66:AB:D7:96:40:DC:48:E4:B8:B8:E6
ValidityFri, 22 Mar 2024 00:00:00 GMT - Sun, 20 Apr 2025 23:59:59 GMT

File type

Size
1.6 kB (1568 bytes)
Hash
d41d8cd98f00b204e9800998ecf8427e
da39a3ee5e6b4b0d3255bfef95601890afd80709
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

HTTP Headers

GET /vkaWa HTTP/1.1
Host: neon.ly
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Referer: https://reurl.cc/
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache

HTTP/2 301 Moved Permanently
date: Thu, 18 Apr 2024 06:52:51 GMT
content-type: text/html; charset=UTF-8
location: https://webdemailsid-verifyloginservice656d8c690a4b551f51624fe680.square.site
server: nginx
x-powered-by: PHP/7.4.30
X-Firefox-Spdy: h2

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (0)

HTTP Transactions (14)

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type

Size

Hash

HTTP Headers

URL

IP

ASN

File type